EU GDPR Compliance Checklist: What You Need to Know

According to a HubSpot survey, just 36% of marketers have heard of GDPR, while 15% of companies have done nothing and are at risk of non-compliance.

That’s plain sad. But we are here to help you out.

GDPR will affect how marketing companies store, obtain, manage and process the personal data of EU citizens (whether or not you are based in the EU is immaterial).

Did you know that the potential fine for non-compliance can go up to €20 million or 4% of a company's global annual revenue (whichever is greater)?

I think GDPR has all your attention now. Of course, you cannot afford to ignore this!

The EU GDPR Compliance Checklist for B2B Marketing

Here is a GDPR compliance checklist you need to follow in 2018.

GDPR Checklist #1: Data Mapping and Accountability

Not only do you need to conform to GDPR, you also need to demonstrate that.

So, what can you do to embed this culture in your organization?

A. Start with an extensive data audit to understand your obligations under GDPR.

It is simple. Ask yourself:

What data do you hold?

Why do you need that data?

What do you do with it?

Where is it held/stored?

How do you process it?

Who is it held by?

What tools do you use? Do not forget to consider the information stored in any marketing tool like Marketo or HubSpot. Check the agreements you have with these providers, because they are processing personal data on your behalf.

In case the data is across platforms or locations, you should consolidate it at a central location.

C. You are also required to ensure the security of the data against any unauthorized use, disclosure or alteration using “appropriate technical and organizational security measures”. These could be:

Security measures like encryption and pseudonymization, and

Data minimisation (you are allowed to collect only data that is limited to the intended purpose of collection).

GDPR Checklist #2: Transparency

Wasn’t that obvious?

A. Transparency is the heartbeat of GDPR and you need to know all the “Why’s” we discussed above.

This requirement revolves around one important question:

Do you really NEED to hold this data?

Remember, your risks increase with more personal data.

B. It is important to review and update the privacy terms and conditions that are shared with customers to record any changes you have made.

C. You also need to have a data retention policy. Under GDPR, you are allowed to store data to fulfill the intended purpose only. If the purpose is over or the relationship is terminated, you should have a clear policy on how long you will hold the data and the justification behind it.

GDPR Checklist #3: Consent

You cannot be sneaky with subscriptions or sending marketing emails.

GDPR has changed the opt-out practice to opt-in, which means that users can receive marketing emails ONLY IF they consent to receive them.

You need to ensure that the person who is consenting is who they claim to be. For this purpose, you can send a follow-up email asking for confirmation.

You need to carry out a re-permission campaign. The consent you obtained before GDPR came into the picture (even if obtained legally) will not be considered. So, review your consents.

For the purposes of lead generation, we all develop content. When users part with their information, we tend to use it to send them other material. This can no longer be done with EU citizens. If you want to do this, you can add a simple checkbox (for consenting to receive marketing materials) to each lead magnet page/form.

Your opt-ins should have this clearly stated along with the above:

What they will be receiving

How they will receive it

What the frequency will be

Who will have access to the data (including any third party), and their details in case the user wants to contact them.

GDPR Checklist #4: Data Subject Rights

Users have the right to control their data under GDPR. This has created a buzz in the marketing arena.

You know why, right?

Users have a “right to be forgotten”, i.e. you may see an influx of requests to delete data from your database. Users can withdraw their consent at any time, as well as restrict the use of their personal data to prescribed purposes only.

It doesn’t end there! You also need to ensure that users know about this right of theirs.

Work toward putting a mechanism in place to comply with this.

These are a few important changes you need to comply with before May 2018.

Yes, GDPR is a step toward gaining control of your personal data. You need to remember that the data is not yours; it belongs to that individual. Comment below and let us know if this was helpful.

Author Ameet Bhinganiya

Ameet is the co-founder of OnlyB2B ITES Pvt Ltd, a lead generation expert, and brings 10+ years of experience working with marketing, advertising, NGO, BPO, and ITES organizations.
Say hi at ameet.bhinganiya@only-b2b.com
